The DHCP snooping technology is a DHCP security feature, where a DHCP Snooping binding table is established and maintained by monitoring DHCP packets between a DHCP client and a DHCP server, and during packet forwarding, the binding table is used to check Address Resolution Protocol (ARP) packets and Internet Protocol (IP) packets and filter unauthorized packets, thereby implementing a network security function. A DHCP Snooping binding table includes such information as a client's IP address, Media Access Control (MAC) address, ingress port number, and virtual local area network (Virtual LAN or VLAN) number. After a DHCP Snooping function is enabled, a network device obtains a client's IP address, MAC address, ingress port number, and VLAN number according to exchanged DHCP packets between the client and the server, and further forms a DHCP Snooping binding table. The binding table works with an ARP detection function to achieve a purpose of controlling network access of a client.
In the prior art, the DHCP Snooping function is enabled by configuring a command after the network device starts to operate. After the DHCP Snooping function is enabled, a DHCP Snooping binding table is generated according to the snooped exchanged DHCP packets, and information required for generating the binding table can be obtained only from exchanged DHCP packets for initially establishing a connection between a DHCP client and the DHCP server. If connections between some DHCP clients and the DHCP server have already been established and then the DHCP Snooping function is enabled, the information required for establishing a DHCP Snooping table cannot be obtained, and a DHCP Snooping binding table cannot be generated for these clients. This may cause a lack of a DHCP Snooping binding table of these clients. As no definite chronological dependency exists between enabling the DHCP Snooping function by using a command line and establishing a connection between a DHCP client and the DHCP server, some clients may have established connections with the DHCP server before the DHCP Snooping function is enabled. Data packets sent by these clients may fail the DHCP Snooping detection and be discarded because no DHCP Snooping binding table is generated for them. These clients need to re-establish an exchange relationship with the DHCP server, and this process may lead to loss of their traffic.